Home page logo

pen-test logo Penetration Testing mailing list archives

From: Pete Herzog <lists () isecom org>
Date: Mon, 23 Jun 2008 19:42:02 +0200


Wow! There was a large response from people in the USA wanting to know more about the trust metrics and OSSTMM 3.0, specifically security metrics - the RAVs - I wrote about in the Making Sense of Trust article.

I want to make clear that although we have the way that Trust can be calculated, so far we have to make specific tasks for each unique test type. There is no generic set of test tasks that can be applied. At least none that I have yet. We do plan on having them for future OSSTMM versions though.

As for the OSSTMM 3.0 stuff, if you want more familiarity on how to apply it to pen testing, you can take the OPST or OPSA certification classes and exams. In the US, there is a condensed (2-day) class next weekend in Indiana for those interested and one next month in Connecticut.

You can contact Chris Griffin if you're interested in the classes (Chris.Griffin-AT-isecom.org) or ISECOM directly through our CONTACT page.


Pete Herzog

This list is sponsored by: Cenzic

Top 5 Common Mistakes in Securing Web Applications
Get 45 Min Video and PPT Slides


  By Date           By Thread  

Current thread:
  • OSSTMM in the USA Pete Herzog (Jun 23)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]